The Future of Data Encryption in Insurance

Inadequate data encryption is making insurers across the industry vulnerable to security breaches.

The insurance industry has a reputation for stability, expertise, and thoroughness. These strengths are the product of time. Longevity has its purpose in insurance, which has a history punctuated by economic calamity, war, and social and political upheaval. The great insurers of yesteryear remain the great insurers of today.

The institutional integrity of many of our most recognizable insurers is solid. Individual agents provide steady reassurance, thorough marketing, advertising and professionalism that are assets to the industry and provide a favorable impression to policyholders.

However, despite this sense of security, policies cannot just be protected by thick stainless steel doors and stacked certificates of indemnification, alphabetized and aligned in symmetrical rows. Beyond the physically dense climate-controlled bunkers and vaults, where room temperature prevents the yellowing of these documents and insurers protect against fires and floods, the cleverest thieves -- armed with the most valuable intelligence -- can destroy an insurance company in a few minutes or hours. This is where all the standard operating procedures of the insurance industry collapse.

I refer, specifically, to the inadequate encryption that makes every insurer vulnerable to massive data breaches. Please note that I issue this statement based on experience, not exaggeration or an appetite for sensationalism. In my role as founder of Impervio E-IRM System (Enhanced Information Rights Management), I seek to empower insurers against these threats. Impervio is a testament to this commitment because it is, by the strictest definition of the word, impenetrable.

While insurers do a commendable job of trying to educate the public about security, they do not have the encryption necessary to win the battle against hackers and cyber criminals. Put a different way, the existing form of encryption -- the system that governs so many industries -- relies on the false assertion that it would take someone 3,000 years to break this code.

This presumption is seriously inaccurate because, in reality, the trained eye can spot gaping holes and points of weakness within this theory. Sophisticated thieves already know when and how to exploit these security vulnerabilities, which act as gateways to confidential client data, electronic medical records, intra-office communications, personal checking account codes and credit card numbers.

To better appreciate the gravity of this situation, think of current forms of encryption as four massive walls that surround a vital piece of intellectual property. From a distance, like its physical corollary between East and West Berlin, or its even lengthier cousin known as the Maginot Line, this wall looks impressive -- and imposing -- until you see all the cracks and barren sections previously covered by concrete now exposed with a thin pane of asbestos and chicken wire.

The cyber equivalent to these frayed walls and abandoned outposts is the model of encryption insurers continue to use. Indeed, the best example of the need for a superior method of encryption involves what we see and hear every day, particularly advertisements from security experts who claim they have the latest patch (for a patch, on top of another patch) to fix a breach.

Given the number of such "solutions," along with the competing claims of the companies promoting these expensive products and services, insurers can draw one obvious conclusion: The alleged invulnerability of the status quo is just that -- an unsubstantiated promise, not an accurate assertion.

The only genuine solution, which is also the only means of avoiding a potentially catastrophic data breach, is for insurers to take the lead on this issue. By adopting new and better standards of encryption, the insurance industry can maintain the peace of mind clients want and expect to receive. From customer satisfaction to professional credibility, the rewards of encryption abound.

Randy Reaney is the Founder and Co-CEO of Toronto-based Impervio Technologies Inc., which specializes in impenetrable cyber security automation. He has over twenty-five years of global business experience with organizations in the software, banking, real estate, media, sales ... View Full Bio

Thanks for sharing, Randy. As you mention, current forms of encryption aren't strong enough to ward off present and future cyber criminals. It's a growing problem, as insurers are receiving even more customer information that has to be protected. It's time for businesses to reevaluate their standards for encryption and build stronger strategies.